<?php
include('./include/conn.php');
/**
*htmlspecialchars 转换 html标签的特殊字符
*trim 函数，去除左边、右边空格
*/
$u = htmlspecialchars(trim($_POST['u']));
$p = htmlspecialchars(trim($_POST['p']));

$query = "SELECT `password` FROM users WHERE name='".$u."'";
//echo $query;

$rs = $link->query($query);
$row = $rs->fetch_assoc();

if($row['password']){
	if($p == $row['password']){
		$_SESSION['u'] = $u;
		echo "<script>alert('登录成功！');window.location.href='index.php';</script>";
	}else{
		echo "<script>alert('密码不正确，请重新输入！');window.history.go(-1);</script>";
	   }
	}else{
		echo "<script>alert('用户不存在，请注册！');window.history.go(-1);</script>";
    }

?>